Cisco Support Community
New Member

Two WAN uplinks and routing based on LAN source IP

Dear all,

I have a router with two WAN interfaces ('primary' and 'secondary') and one LAN. My LAN subnet is 10.0.0.0/23.

For some reasons I need to configure the router in such a way that most of the LAN users go out via the 'primary' WAN uplink, but a few LAN IP addresses use only the 'secondary' WAN.

Which tools should I use? What is the best approach to achieve the above goal?

Thank you in advance for any tip.

BR

Piotr

9 REPLIES

Re: Two WAN uplinks and routing based on LAN source IP

Hello

You don't say how the uplinks are connected, i.e. dynamic or static routing; however, on the information you have provided initially, this sounds like a job for PBR (Policy Based Routing).

Something like this:

PBR with 2 wan links - static routing

==============================================

    access-list 1 permit x.x.x.x
    access-list 2 permit y.y.y.y
    !
    track 3 list boolean and
     object 1
     object 2
    !
    ip sla 1
     icmp-echo (primary wan ip) source-ip (primary wan interface of router)
     frequency 5
    ip sla 2
     icmp-echo (secondary wan ip) source-ip (secondary wan interface of router)
     frequency 5
    ip sla schedule 1 start-time now life forever
    ip sla schedule 2 start-time now life forever
    !
    track 1 ip sla 1 reach
    track 2 ip sla 2 reach
    !
    route-map PBR permit 10
     match ip address 1
     set ip next-hop (primary link) (secondary link)
     set ip next-hop verify-availability (primary link) 1 track 1
     set ip next-hop verify-availability (secondary link) 2 track 2
    ! second stanza needs its own sequence number, otherwise it is merged into entry 10
    route-map PBR permit 20
     match ip address 2
     set ip next-hop (secondary link) (primary link)
     set ip next-hop verify-availability (secondary link) 1 track 2
     set ip next-hop verify-availability (primary link) 2 track 1
    !
    ip route 0.0.0.0 0.0.0.0 x.x.x.x (primary wan) 200 track 3
    ip route 0.0.0.0 0.0.0.0 x.x.x.x (secondary wan) 250
    !
    int xx (lan interface)
     ip policy route-map PBR

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

New Member

Re: Two WAN uplinks and routing based on LAN source IP

That's great. pdriver, thanks!

Can you just explain what the statement below means?

    track 3 list boolean and
     object 1
     object 2

And why is it used in 'ip route'?

Thanks in advance.

Purple

Two WAN uplinks and routing based on LAN source IP

Hi,

track 3 will be up if track 1 and track 2 are UP and will be down when either one is down or both are down.

Regards

Alain

Don't forget to rate helpful posts.

New Member

Re: Two WAN uplinks and routing based on LAN source IP

pdriver,

I configured it almost in the same way as you wrote (I skipped the SLA part, because right now I do not need it) and unfortunately something is not as I thought:

    Router(config)#route-map RM-test permit 10
    Router(config-route-map)#match ip add
    Router(config-route-map)#match ip address ACL_all_computers_subnet
    Router(config-route-map)#set ip next-hop GW_IP_of_primary_uplink
    Router(config-route-map)#exit
    Router(config)#route-map RM-test permit 10
    Router(config-route-map)#match ip address ACL_internal_servers
    Router(config-route-map)#set ip next-hop GW_IP_of_secondary_uplink
    Router(config-route-map)#exit
    Router(config)#do sh route-map RM-test
    route-map RM-test, permit, sequence 10
      Match clauses:
        ip address (access-lists): ACL_all_computers_subnet ACL_internal_servers
      Set clauses:
        ip next-hop GW_IP_of_primary_uplink GW_IP_of_secondary_uplink
      Policy routing matches: 0 packets, 0 bytes

So, as far as I understand, both uplinks will be treated equally or GW_IP_of_primary_uplink will handle most of the traffic.

Please let me know where I made a mistake in the configuration or in my way of thinking.

Thank you in advance.

Re: Two WAN uplinks and routing based on LAN source IP

Hello

I saw a config error in my OP relating to the route-map stanzas' numbering, which I amended; please check.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

New Member

Re: Two WAN uplinks and routing based on LAN source IP

It works like a charm.

Thank you all for sharing your knowledge.

New Member

Re: Two WAN uplinks and routing based on LAN source IP

Yes, I was also thinking about PBR. However, I have one concern regarding access-list in this example (please correct me if I am wrong):

  • acl 1 should consist of single IP addresses which should go via the 'secondary' link
  • acl 2 should be a 'one-liner' which enables traffic for the whole network via the 'primary' link

With the above conditions, the first route-map entry should have set ip next-hop (secondary link) (primary link) while the second route-map entry should have set ip next-hop (primary link) (secondary link).

Let's presume that a request comes from IP 10.0.0.2, which is not in acl 1. Because acl 1 cannot be applied to 10.0.0.2, it will be 'transferred' to acl 2 and in the end the request from 10.0.0.2 will go via the 'primary' uplink. A request from IP 10.0.0.3, which is mentioned in acl 1, will be 'caught' by acl 1, so it will go via the 'secondary' uplink.

Do I understand it correctly?

Thanks.

Purple

Two WAN uplinks and routing based on LAN source IP

Hi,

What you could do too is primary path with a default static route with AD of 1 and secondary path with a static route with AD of 10, then make an ACL for the few LAN users wanting to go via secondary path and match against it in a route-map that sets the next-hop to secondary next-hop. Then use this route-map for PBR on the LAN interface.

Of course there is no tracking involved here, so depending upon WAN technology you may need to track the first static route so most users use secondary when secondary is down, and track the next-hop in the PBR so few users will use primary in case the secondary link is down.

Regards

Alain

Don't forget to rate helpful posts.


Re: Two WAN uplinks and routing based on LAN source IP

Hello

Any prefix matched in either acl 1 or 2 will be PBR'd to the first next hop defined in the route-map associated with that acl (if it is reachable); if it's not reachable it will try the secondary next hop defined....

If no matches are made on either acl then the packet will NOT be PBR'd; it WILL be routed as per the default routing table.....it isn't dropped.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.
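A small Python model of the behaviour discussed in this thread, added here as an illustration (not code from any poster or from Cisco): it shows why two stanzas entered as `permit 10` collapse into one entry, and how separate sequence numbers, next-hop tracking and the tracked default route decide the exit gateway. The gateway addresses, ACL contents and the `RouteMap` / `egress` names are constructed for the example; `link_up` stands for the state of track 1 and track 2.

```python
import ipaddress

# Constructed sample values (documentation addresses), not taken from the thread.
PRIMARY_GW, SECONDARY_GW = "192.0.2.1", "198.51.100.1"
ACLS = {  # standard ACLs match on the source address only
    "ACL_internal_servers": ["10.0.0.3/32"],
    "ACL_all_computers_subnet": ["10.0.0.0/23"],
}

class RouteMap:
    """Toy model of route-map entries and PBR lookup (hypothetical helper)."""
    def __init__(self, stanzas):
        self.entries = {}  # sequence number -> {"acls": [...], "hops": [...]}
        for seq, acl, hops in stanzas:
            # Re-entering an existing sequence number edits that entry: the
            # ACL joins its match list and the next hops are appended, as in
            # the "sh route-map RM-test" output quoted in the thread.
            entry = self.entries.setdefault(seq, {"acls": [], "hops": []})
            entry["acls"].append(acl)
            entry["hops"].extend(hops)

    def policy_next_hop(self, src, link_up):
        ip = ipaddress.ip_address(src)
        for seq in sorted(self.entries):  # lowest sequence number first
            entry = self.entries[seq]
            nets = [n for acl in entry["acls"] for n in ACLS[acl]]
            if any(ip in ipaddress.ip_network(n) for n in nets):
                # First matching entry wins; use its first reachable next hop.
                return next((h for h in entry["hops"] if link_up[h]), None)
        return None  # no ACL matched: the packet is not policy-routed

def egress(route_map, src, link_up):
    """Gateway chosen for src: PBR next hop, else the floating default routes."""
    # The primary default route (AD 200) is installed only while track 3
    # (track 1 AND track 2) is up; the secondary one (AD 250) is untracked.
    default = PRIMARY_GW if all(link_up.values()) else SECONDARY_GW
    return route_map.policy_next_hop(src, link_up) or default

# Both stanzas entered as "permit 10", as in the RM-test session.
MERGED = RouteMap([(10, "ACL_all_computers_subnet", [PRIMARY_GW]),
                   (10, "ACL_internal_servers", [SECONDARY_GW])])
# Specific hosts at sequence 10, whole subnet at sequence 20.
FIXED = RouteMap([(10, "ACL_internal_servers", [SECONDARY_GW, PRIMARY_GW]),
                  (20, "ACL_all_computers_subnet", [PRIMARY_GW, SECONDARY_GW])])

if __name__ == "__main__":
    up = {PRIMARY_GW: True, SECONDARY_GW: True}
    for name, rm in (("merged", MERGED), ("fixed", FIXED)):
        print(name, {s: egress(rm, s, up) for s in ("10.0.0.2", "10.0.0.3")})
```

In the model, a source that matches no ACL follows the default routes, and because the primary default route depends on track 3 it is withdrawn as soon as either probe fails.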
